Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.OPENOFFICE_221.NASL
HistoryJun 20, 2007 - 12:00 a.m.

Sun OpenOffice.org RTF Parser prtdata Tag Buffer Overflow

2007-06-2000:00:00
This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
www.tenable.com
17
JSON

The remote host is running a version of Sun Microsystems OpenOffice.org that is affected by a heap-based buffer overflow in its RTF document parser that is triggered when parsing ‘prtdata’ tags. If a remote attacker can trick a user into opening a specially crafted RTF document, he can execute arbitrary code on the remote host subject to the user’s privileges.

#
#  (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(25552);
  script_version("1.19");

  script_cve_id("CVE-2007-0245");
  script_bugtraq_id(24450);

  script_name(english:"Sun OpenOffice.org RTF Parser prtdata Tag Buffer Overflow");
  script_summary(english:"Checks version of Sun OpenOffice.org.");

 script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has a program that is affected by a buffer
overflow vulnerability." );
 script_set_attribute(attribute:"description", value:
"The remote host is running a version of Sun Microsystems
OpenOffice.org that is affected by a heap-based buffer overflow in its
RTF document parser that is triggered when parsing 'prtdata' tags. If
a remote attacker can trick a user into opening a specially crafted
RTF document, he can execute arbitrary code on the remote host subject
to the user's privileges." );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2007/Jun/169" );
 script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/issues/show_bug.cgi?id=77214" );
 script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2007-0245.html" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to Sun Microsystems OpenOffice.org version 2.2.1 or later." );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(119);
 script_set_attribute(attribute:"plugin_publication_date", value: "2007/06/20");
 script_set_attribute(attribute:"vuln_publication_date", value: "2007/06/13");
 script_cvs_date("Date: 2018/11/15 20:50:27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:sun:openoffice.org");
script_end_attributes();


  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");

  script_dependencies("openoffice_installed.nasl");
  script_require_keys("SMB/OpenOffice/Build");

  exit(0);
}

build = get_kb_item("SMB/OpenOffice/Build");
if (build)
{
  matches = eregmatch(string:build, pattern:"([0-9]+[a-z][0-9]+)\(Build:([0-9]+)\)");
  if (!isnull(matches))
  {
    buildid = int(matches[2]);
    if (buildid < 9161) security_hole(get_kb_item("SMB/transport"));
  }
}
VendorProductVersionCPE
sunopenoffice.orgcpe:/a:sun:openoffice.org

Related

nessus 31
fedora 7
openvas 23
ubuntu 1
osv 1
redhat 1
suse 1
ubuntucve 1
cve 1
checkpoint_advisories 2
oraclelinux 1
prion 1
debian 1
centos 1
securityvulns 1
gentoo 1
nessus
nessus
SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 3761)
2007-12-13 00:00:00
Ubuntu 6.06 LTS / 6.10 / 7.04 : openoffice.org(2)/-amd64 vulnerability (USN-482-1)
2007-11-10 00:00:00
Oracle Linux 3 / 4 : openoffice.org (ELSA-2007-0406)
2013-07-12 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: openoffice.org-2.2.0-14.11
2007-06-13 21:10:05
[SECURITY] Fedora Core 6 Update: openoffice.org-2.0.4-5.5.23
2007-06-12 21:24:19
[SECURITY] Fedora 7 Update: openoffice.org-2.2.1-18.2.fc7
2007-10-04 18:47:11
openvas
openvas
Ubuntu Update for openoffice.org(2)/-amd64 vulnerability USN-482-1
2009-03-23 00:00:00
Fedora Update for openoffice.org FEDORA-2007-572
2009-02-27 00:00:00
Mandriva Update for openoffice.org MDKSA-2007:144 (openoffice.org)
2009-04-09 00:00:00
ubuntu
ubuntu
OpenOffice.org vulnerability
2007-07-11 00:00:00
osv
osv
openoffice.org - heap overflow
2007-06-12 00:00:00
redhat
redhat
(RHSA-2007:0406) Important: openoffice.org security update
2007-06-13 00:00:00
suse
suse
remote code execution in OpenOffice_org
2007-06-28 16:37:56
ubuntucve
ubuntucve
CVE-2007-0245
2007-06-12 00:00:00
cve
cve
CVE-2007-0245
2007-06-12 21:30:00
checkpoint_advisories
checkpoint_advisories
OpenOffice RTF File Parsing Heap Buffer Overflow (CVE-2007-0245)
2010-08-03 00:00:00
IPS-1 Updates against Adobe, Microsoft Windows, Microsoft DirectShow and OpenOffice.org Vulnerabilities
2008-02-26 00:00:00
oraclelinux
oraclelinux
Important: openoffice.org security update
2007-06-13 00:00:00
prion
prion
Heap overflow
2007-06-12 21:30:00
debian
debian
[SECURITY] [DSA 1307-1] New OpenOffice.org packages fix arbitrary code execution
2007-06-12 18:10:47
centos
centos
openoffice.org, openoffice.org2 security update
2007-06-13 22:55:37
securityvulns
securityvulns
OpenOffice buffer overflow
2007-06-14 00:00:00
gentoo
gentoo
OpenOffice.org: Two buffer overflows
2007-07-02 00:00:00
JSON
Related for OPENOFFICE_221.NASL
nessus31fedora7openvas23ubuntu1osv1redhat1suse1ubuntucve1cve1checkpoint_advisories2oraclelinux1prion1debian1centos1securityvulns1gentoo1